Copyright © 2015 Cyberlight Global Associates Cyberlight GEORGIAN CYBER SECURITY & ICT INNOVATION EVENT 2015 Tbilisi, Georgia, 19-20 November 2015 Hardware.

Presentation transcript:

Copyright © 2015 Cyberlight Global Associates Cyberlight
GEORGIAN CYBER SECURITY & ICT INNOVATION EVENT 2015
Tbilisi, Georgia, 19-20 November 2015

Hardware Vulnerabilities - Attack Techniques and Mitigation Strategy
John Ruby
Cyberlight Global Associates
Georgian Security Analysis Center, Tbilisi, Georgia

What are we talking about?

A hardware vulnerability is an exploitable weakness in a computer system that enables attack through remote or physical access to system hardware.

- Hardware attacks are a "relatively new" addition to the threat matrix
- Can be classed in 2 categories:
  - Exploit 1 or more vulnerabilities that exist in shipped products
  - Use/rewrite firmware/control chips to spread malware
- Require more sophisticated attack techniques but are also much harder to detect
- Longer detection time => increased data vulnerability
- Much harder to remove (for example, most current anti-malware software cannot detect firmware-level malware, or remove it … and then help you restore the firmware to its original state)

“Old school” hacking

Evolution of “traditional” methods of “unauthorized access”:

- Physical access
  - Stolen/obtained passwords or backdoors (War Games)
  - Unauthorized terminal/system use (The Italian Job)
  - Physical manipulation of the device by the attacker (Terminator)
- Network access
  - Physical access no longer required
  - Stolen/obtained passwords still effective backdoors
  - Exploit operating system vulnerabilities (Sneakers – 1992)
  - Exploit software vulnerabilities (web server, database, etc.)
- Network access + offensive tactics
  - Viruses – often executable files, requires user execution (Independence Day – 1996)
  - Worms – take advantage of system processes to move unaided (via various network transport functions)
  - Trojan Horses – harmful software that looks like something legitimate

Familiar Tactics & Techniques

As security people we know the common means by which attackers try to gain access:

- Links & attachments
  - Phishing / spear-phishing (becoming more and more detailed!)
- Direct attacks on public-facing servers
  - Exploit web servers and internet-facing databases
- 3rd-party attacks (attack the site that serves the advertising to the site users visit)

Familiar Tactics & Techniques (2)

You can educate people … but people still like “free”. Online they see:

- Get your favorite movie without paying …
  - … just download my free “movie viewer” to bypass the copy protection
- Don’t pay for software – get it free on The Pirate Bay or similar “sharing” sites
  - Get the actual software
  - Or download a “license key generator”

Hardware Vulnerabilities

- Number of exploits increasing
  - Technically more challenging to implement but …
  - Forums on the deep-web discuss the “how”
  - Tools made available for trade or purchase
  - Advice on writing new exploits freely available
- Components most vulnerable
  - USB connections (BadUSB exploit, NetUSB vulnerability)
  - Memory (FDR, Rowhammer)
  - Wireless Access Points (massive firmware vulnerabilities)
    - Exploits are easy to implement
    - Many brands remain unpatched
      - EVEN AFTER the vendor was notified of the vulnerability
      - EVEN AFTER the vendor releases a firmware update

Who has the resources to do this?

- National Government
- Legitimate business
- Organized crime

Wireless Access Points

- Known vendors with vulnerabilities
  - D-Link
  - NetGear
  - TP-Link
  - Trendnet
  - ZyXEL
  - probably others as well
- Over 100 separate products identified (as of October 2015)
- One exploit involves executing completely valid administrative HNAP actions (Yes, the affected models have no safety in the firmware to prevent unauthenticated users from doing this.)
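A defender-side check for the pattern on this slide, as an added example that is not part of the original presentation: it scans captured HTTP request heads for HNAP calls that name a non-read-only action and carry no credentials header. The sample requests, the addresses, the `READ_ONLY` set and the choice of headers that count as credentials are assumptions.

```python
"""Flag HNAP administrative calls that arrive without credentials."""

READ_ONLY = {"GetDeviceSettings"}            # assumption: treated as harmless discovery
AUTH_HEADERS = {"authorization", "hnap_auth"}  # assumption: headers that carry credentials

def parse_request(raw):
    """Split a raw HTTP request head into (method, path, lower-cased header dict)."""
    lines = raw.strip().splitlines()
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line.strip():      # blank line: headers end, body follows
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers

def hnap_action(headers):
    """Return the action name from a SOAPAction header, or None if absent."""
    value = headers.get("soapaction", "").strip('"')
    return value.rsplit("/", 1)[-1] or None

def audit(captured):
    """Return (source, action) for unauthenticated, non-read-only HNAP requests."""
    findings = []
    for source, raw in captured:
        method, path, headers = parse_request(raw)
        if method != "POST" or not path.upper().startswith("/HNAP1"):
            continue
        action = hnap_action(headers)
        authed = any(name in headers for name in AUTH_HEADERS)
        if action and action not in READ_ONLY and not authed:
            findings.append((source, action))
    return findings

_HEAD = "POST /HNAP1/ HTTP/1.1\nHost: 192.0.2.1\n"
SAMPLE = [  # constructed requests using documentation address ranges
    ("198.51.100.7", _HEAD + 'SOAPAction: "http://purenetworks.com/HNAP1/SetDeviceSettings"\n'),
    ("192.0.2.50", _HEAD + 'Authorization: Basic PLACEHOLDER\n'
                           'SOAPAction: "http://purenetworks.com/HNAP1/SetDeviceSettings"\n'),
    ("192.0.2.51", _HEAD + 'SOAPAction: "http://purenetworks.com/HNAP1/GetDeviceSettings"\n'),
    ("192.0.2.52", "GET /index.html HTTP/1.1\nHost: 192.0.2.1\n"),
]

if __name__ == "__main__":
    for source, action in audit(SAMPLE):
        print(f"unauthenticated HNAP action {action} from {source}")
```

A hit from an address outside the management network is the case to escalate first, since it means the HNAP interface is reachable from where it should not be.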

Sample – a simple exploit script

Memory exploits

- Multiple attack vectors
- Certain functions allow unchecked direct memory access (for example, plugging in certain external devices)
- Via DMA, code on the attached device can be used to flip 1’s to 0’s or 0’s to 1’s in memory … allowing the attacker to intercept certain processes and impose a predetermined result.
- The Rowhammer USB exploit rewrites bits of memory in the same locations, causing leaks that bypass most operating system protections. (Works even better in virtualized environments.)

Mitigation

1. Look at vulnerabilities in vendor hardware.
   - Don’t _ask_ the vendor about their firmware update/patch process
   - Research how the vendor actually performs
2. Patch your firmware
   - Be as vigilant as you are with your software
   - Determine if you also need to update software (operating systems) of your hardware
3. USB devices
   - Easily compromised at this point
   - It’s not just malware in memory on the drive; it’s malware on the control chips on the USB drive
   - Know your supplier (Does the device come from a location where malware / hacking is not prosecuted or, worse, state endorsed?)
   - Learn to think of USB memory as disposable.
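One way to act on the USB point above, as an added example that is not part of the original presentation: a Linux audit that flags a storage device which also presents a keyboard-class (HID) interface, the visible symptom of a reprogrammed control chip, and any HID device on a port not expected to have one. The port-based approved list and the sample device map are assumptions.

```python
"""Audit USB interface classes for combinations typical of reprogrammed controllers."""
import glob
import os

MASS_STORAGE, HID = "08", "03"  # USB base class codes as sysfs reports them (hex)

def interfaces_from_sysfs(root="/sys/bus/usb/devices"):
    """Map each USB device (e.g. '1-2') to the class codes of its interfaces."""
    devices = {}
    # Interface directories are named '<device>:<config>.<interface>', e.g. '1-2:1.0'
    for path in glob.glob(os.path.join(root, "*:*", "bInterfaceClass")):
        device = os.path.basename(os.path.dirname(path)).split(":")[0]
        with open(path) as handle:
            devices.setdefault(device, []).append(handle.read().strip())
    return devices

def audit(devices, approved_hid_ports=frozenset()):
    """Return (device, reason) for every device that breaks the policy."""
    findings = []
    for device, classes in sorted(devices.items()):
        if MASS_STORAGE in classes and HID in classes:
            findings.append((device, "storage device also exposes a HID interface"))
        elif HID in classes and device not in approved_hid_ports:
            findings.append((device, "HID device on a port not approved for one"))
    return findings

# Constructed sample: what interfaces_from_sysfs() might return on a workstation
SAMPLE = {
    "1-1": ["03"],         # the desk keyboard on its usual port
    "1-2": ["08"],         # an ordinary flash drive
    "1-3": ["08", "03"],   # a "flash drive" that also claims to be a keyboard
    "1-4": ["03", "03"],   # an unexpected input device
}

if __name__ == "__main__":
    live = interfaces_from_sysfs()
    for device, reason in audit(live or SAMPLE, approved_hid_ports={"1-1"}):
        print(f"{device}: {reason}")
```

This is a point-in-time check; a device can present a different set of interfaces when it re-enumerates, so the audit belongs on every hotplug event rather than only at boot.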

Thank you

Cyberlight Global Associates
John Ruby
mobile: